US9627081B2ActiveUtilityA1

Manufacturing mode for secure firmware using lock byte

50
Assignee: LEWIS TIMOTHY ANDREWPriority: Oct 5, 2007Filed: Oct 5, 2007Granted: Apr 18, 2017
Est. expiryOct 5, 2027(~1.2 yrs left)· nominal 20-yr term from priority
G11C 16/22G06F 21/575G06F 21/572G06F 21/78
50
PatentIndex Score
3
Cited by
27
References
24
Claims

Abstract

Upon initialization or startup of an electronic device, the device checks a predetermined section of non-volatile memory, referred to as the signature byte or lock byte, and allows either the manufacturing mode which allows for installation of the final or production version of firmware to be loaded into non-volatile memory, or the production mode which write-protects certain portions of non-volatile memory before giving operating control of the electronic device to another program, for example, an operating system. By only allowing execution of operating system or other executable code after write-protecting certain portions of non-volatile memory, system security, integrity, and robustness are substantially increased.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A method for securing non-volatile memory comprising:
 updating a signature byte, stored within a non-volatile memory, from a default value specifying a write-protected mode to an updated value specifying a write-enabled mode; 
 after updating the signature byte from the default value to the updated value, determining that the signature byte is set to a value associated with the write-enabled mode; 
 write-protecting at least one sector of the non-volatile memory if the signature byte is not set to the value associated with the the write-enabled mode; 
 after updating the signature byte from the default value to the updated value, preventing an entire sector in which the signature byte resides from being set to a predefined sector value unless a replacement firmware identifier associated with a replacement firmware matches a required replacement firmware identifier; 
 determining whether a reflash of the non-volatile memory is authorized by comparing the replacement firmware identifier against the required replacement firmware identifier and indicating that reflash of the non-volatile memory is authorized if the replacement firmware identifier matches the required replacement firmware identifier; and 
 if the reflash of the non-volatile memory is authorized, write-enabling the non-volatile memory, reflashing the non-volatile memory, and setting the signature byte to a value different from the value associated with the the write-enabled mode. 
 
     
     
       2. The method of  claim 1 , wherein the default value is an initial state of the non-volatile memory or a result of performing an erase operation. 
     
     
       3. The method of  claim 1 , further comprising the step of finding a signature byte by searching for a pre-determined header structure within the non-volatile memory, the pre-determined header structure being unique to the signature byte. 
     
     
       4. The method of  claim 1 , further comprising the step of finding a signature byte by reading a pre-determined location within the nonvolatile memory. 
     
     
       5. The method of  claim 4 , wherein the pre-determined location of nonvolatile memory is a memory address. 
     
     
       6. The method of  claim 1 , wherein the signature byte is located within the at least one sector of the non-volatile memory. 
     
     
       7. The method of  claim 6 , wherein the step of write-protecting the at least one sector of the non-volatile memory remains in effect until at least one of a power-on, system reset, or resume from CPU-off/suspend. 
     
     
       8. The method of  claim 1 , wherein the signature byte is not located within the at least one sector of the non-volatile memory, and further including the step of write-protecting the signature byte if the signature byte is not set to the value associated with the the write-enabled mode. 
     
     
       9. The method of  claim 8 , wherein the step of write-protecting the signature byte remains in effect until at least one of a power-on, system reset, or resume from CPU-off/suspend. 
     
     
       10. The method of  claim 1 , wherein the non-volatile memory is a flash memory, and the step of write-protecting the at least one sector of non-volatile memory includes using flash-programming commands to set at least one sector of the flash memory to a write-protected state. 
     
     
       11. The method of  claim 1 , wherein the step of write-protecting the at least one sector of the non-volatile memory includes using chipset write-protect registers. 
     
     
       12. The method of  claim 1 , wherein the step of write-protecting the at least one sector of the non-volatile memory includes connecting a general purpose output to a pin of the non-volatile memory that controls writing to the non-volatile memory and setting the general purpose output to a state that disables writing to the non-volatile memory. 
     
     
       13. The method of  claim 12 , wherein the state of the general purpose output is locked until an electronic device is reset. 
     
     
       14. The method of  claim 1 , further comprising the steps of:
 modifying firmware of the non-volatile memory if the signature byte is set to the value associated with the the write-enabled mode, and then changing the signature byte to a different value than the value associated with the the write-enabled mode. 
 
     
     
       15. The method of  claim 14 , wherein the step of modifying the firmware further includes adding firmware to the non-volatile memory. 
     
     
       16. The method of  claim 14 , wherein the step of changing the signature byte includes writing to the signature byte with a bitwise not of the signature byte. 
     
     
       17. The method of  claim 16 , wherein the at least one sector of non-volatile memory is either NAND-type flash or ˜OR-type flash, and wherein the step of changing the signature byte further comprises the steps of:
 determining whether the value of the signature byte changed following the step of writing to the signature byte with a bitwise not of the signature byte; and 
 if the signature byte value does not change following the step of writing to the signature byte with a bitwise not of the signature byte, reporting an error message. 
 
     
     
       18. The method of  claim 1 , wherein the step of determining whether a reflash is authorized further includes receiving a username and password combination. 
     
     
       19. The method of  claim 1 , wherein the step of determining whether a reflash is authorized further includes making a secure handshake between a firmware resident in the non-volatile memory and a replacement firmware. 
     
     
       20. The method of  claim 19 , wherein the secure handshake includes using cryptographic keys. 
     
     
       21. The method of  claim 19 ; wherein the secure handshake includes using a replacement firmware that is electronically signed. 
     
     
       22. An electronic device, comprising:
 a processor; and 
 a system memory, coupled to the processor, the system memory maintaining instructions that if executed by the processor, cause the processor to:
 update a signature byte, stored within a non-volatile memory, from a default value specifying a write-protected mode to an updated value specifying a write-enabled mode; 
 after updating the signature byte from the default value to the updated value, determine that the signature byte is set to a value associated with the write-enabled mode; 
 write-protect at least one sector of the non-volatile memory if the signature byte is not set to the value associated with the the write-enabled mode; 
 after updating the signature byte from the default value to the updated value, prevent an entire sector in which the signature byte resides from being set to a predefined sector value unless a replacement firmware identifier associated with a replacement firmware matches a required replacement firmware identifier; 
 determining whether a reflash of the non-volatile memory is authorized by comparing the replacement firmware identifier against the required replacement firmware identifier and indicating that reflash of the non-volatile memory is authorized if the replacement firmware identifier matches the required replacement firmware identifier; and 
 if the reflash of the non-volatile memory is authorized, write-enabling the non-volatile memory, reflashing the non-volatile memory, and setting the signature byte to a value different from the value associated with the the write-enabled mode. 
 
 
     
     
       23. A processor readable storage medium storing code segments, that if executed by a processor, cause the processor to:
 update a signature byte, stored within a non-volatile memory, from a default value specifying a write-protected mode to an updated value specifying a write-enabled mode; 
 after updating the signature byte from the default value to the updated value, determine that the signature byte is set to a value associated with the write-enabled mode; 
 write-protect at least one sector of the non-volatile memory if the signature byte is not set to the value associated with the the write-enabled mode; 
 after updating the signature byte from the default value to the updated value, prevent an entire sector in which the signature byte resides from being set to a predefined sector value unless a replacement firmware identifier associated with a replacement firmware matches a required replacement firmware identifier; 
 determining whether a reflash of the non-volatile memory is authorized by comparing the replacement firmware identifier against the required replacement firmware identifier and indicating that reflash of the non-volatile memory is authorized if the replacement firmware identifier matches the required replacement firmware identifier; and 
 if the reflash of the non-volatile memory is authorized, write-enabling the non-volatile memory, reflashing the non-volatile memory, and setting the signature byte to a value different from the value associated with the the write-enabled mode. 
 
     
     
       24. The processor readable storage medium of  claim 23 , wherein execution of the code segments further causes:
 after updating the signature byte from the default value to the updated value, write firmware to the non-volatile memory or modify portions of the firmware stored in the non-volatile memory if the signature byte is set to the value associated with the the write-enabled mode.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.